My TechDecisions

IT Infrastructure, Network Security, News

IT Security Experts Should Pay Close Attention To What’s Happening in Ukraine

The conflict between Russian and Ukraine and the advanced cyberattacks being launched should concern everyone, experts say.

Leave a Comment

Destructive Malware Ukraine
stock.adobe.com/Sashkin

If the last few years are any indication, cybercriminals will continue adopting new tactics and techniques to find ways past our network defenses, and that was on display in full force at RSA Conference earlier this month, where cybersecurity experts shared what they’re seeing in the wild. The annual cybersecurity conference was held at a pivotal time in the cybersecurity space, as tensions between nation states and a kinetic war between Russia and Ukraine have been preluded by large-scale cyberattacks.

The ongoing conflict between Russia and Ukraine is the first large-scale example of a nation state preluding a military invasion with devastating cyberattacks against its enemy, with Ukraine being hit with destructive malware and wipers before it was invaded by its larger neighbor, says John Fokker, principal engineer and head of cyber investigations for Trellix Threat Labs, a sponsor of the conference.

In addition to the continued prevalence of ransomware and software supply chain compromises, the sophisticated attacks that have become part of nation states’ war strategies is most alarming to Fokker, who sat down with TechDecisions for an interview after the show.

Fokker says network defenders elsewhere should prepare for similar kinds of attacks as the cyber stage becomes another battlefront of modern warfare, and as ransomware groups and nation states begin to learn from one another. Russia has long been known to be a safe haven for ransomware groups as long as they target Russia’s adversaries, and the Conti ransomware leaks exposed some of that working relationship.

“If you as a foreign actor want to deploy a more disruptive way of spreading malware, you can actually learn from ransomware actors if you want to deploy a wiper across a network, because they’ve honed their skills in penetrating a network from A-to-Z in the shortest amount of time in the last few years,” Fokker says.

Fokkers comments are in addition to a panel session that has been featured at RSA each year on the five most dangerous new attack techniques. Featuring cybersecurity experts, the session detailed how threat actors are using cloud infrastructure to conduct attacks, compromising backups, leveraging spyware and worms, and how nation states are turning their attention to large-scale cyberattacks targeting satellites.

The panelists discussed the prevalence of cloud infrastructure and its rising use by threat actors to blend into victim infrastructure and avoid detection, the need to securely backup systems, the lingering threat of worms, mobile device security and the rising use of spyware like Pegasus and new cyberattacks being conducted on the international stage.

Trellix researchers have seen the same thing play out in Eastern Europe, with cyberattacks ranging from tried-and-true methods like phishing and exploiting vulnerabilities to backdoors and destructive malware.

The company published a report earlier this month detailing some of these attacks, including phishing campaigns that impersonated the country’s Ministry of Defense and cybersecurity agency. However, it was the wipers deployed by Russian nation-state groups that got a considerable amount of attention earlier this year.

According to Trellix Threat Labs’ report, the company observed a threat actor attempt to deploy a wiper on a victim’s network, but the wiper, dubbed WhisperGate, failed to execute. However, it took the group only two-and-a-half hours to deploy another wiper, this time HermeticWiper.

Fokker urges organizations, cybersecurity experts and IT professionals—especially those working for organizations that could be targets for nation-state actors—to pay close attention to what’s happening on the international stage.

“Make no mistake—if you have an (advanced persistent threat actor) as a potential threat to your organization, you should take very close notice of what is going on right now,” Fokker says. “From a threat intelligence perspective, I think we’re at a very pivotal moment.”

According to the threat intelligence expert, the Russia-Ukraine conflict is the first time in history where a superpower launched cyberattacks and followed it up with a kinetic invasion.

“History is being written as we speak,” Fokker says.

Reader Interactions

Leave a Reply

Your email address will not be published.

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Uber Advanced Technologies Group Drives its Business Forward

The guiding principle for the new Uber meeting room redesign was “invisible comfort” to ensure that everyone could maximize productivity.

Windows 11
Blueprint Series: Upgrading to Windows 11

Upgrading end users to Windows 11 could be one of the most challenging tasks IT has to face in the coming years. Although the new version is touted...

The State of the IT Department in 2022

The role of the IT professional has shifted from one that supports the business to one that is deserving of a seat at the table when it comes to ma...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ